this post was submitted on 01 May 2026
326 points (96.8% liked)

Selfhosted

58983 readers
376 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
HybridSarcasm@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
326
my homeserver mapped (feddit.nl)
submitted 4 days ago by blinfabian@feddit.nl to c/selfhosted@lemmy.world
48 comments fedilink hide all child comments
 

i love selfhosting :3

you are viewing a single comment's thread
view the rest of the comments
[–] kureta@lemmy.ml 5 points 4 days ago* (last edited 3 days ago) (1 children)

Am I doing something wrong? All my services are grouped in docker compose files. Containers that have to communicate internally - a server and it's db for example - are on their own private docker network. A reverse proxy has its ports 80 and 443 open and it is on an external docker network. Services that I need to access from the outside are on this network and they do not have any ports open. Except for the torrent client, which has a UDP port open.

[–] jimerson@lemmy.world 4 points 3 days ago (2 children)

It's strong, but splitting services into separate VMs is stronger than just using separate docker containers. This is especially true for the torrent client.

I'm not a netsec professional, this is just my understanding of best practices.

[–] Fmstrat@lemmy.world 1 points 2 hours ago

Soooo this is not really true unless you don't trust your kernel. While a VM is more isolated from the host, since a container shares kernel space, that doesn't make it less secure. I.E. isolation does not equal security.

Actual sandbox escape vulnerabilities happen in VMs as frequently as they do in Docker, and while all VMs have a full systems that many exfiltrations can hit (due to a full suite of services running), many docker containers are locked to a user space with only one process running.

@kureta@lemmy.ml if you are running separate Docker networks in compose, I would not recommend switching to VMs. If that kind of isolation is a requirement, add another server and use different SSH keys for it.

[–] kureta@lemmy.ml 3 points 3 days ago (1 children)

I am also just a hobbyist, so that was a genuine question. Thanks for the answer.

[–] jimerson@lemmy.world 2 points 3 days ago

Same here! Good luck with your setup!!